@andryyy added a few multimaps last week. I use a few more https://pastebin.com/qnmW13m3 and one especially useful to me is the 'country' one. So that email from my own country gets a small bonus. And of course, I also keep a list of suspicious countries. Your spam, my ham. In my own setup, I keep 4 different lists (top-countries, neighbors, suspicious, bad).
I also have a few additional maps there, like eSLD (Somebody user@foo.example.com -> example.com) and ASN score.
see https://pastebin.com/qnmW13m3
If that's useful to other admins prepare a pull request.
I see a lot of spam from TR lately, but I would not add it to mailcow as bad country. What if someone from TR fails to receive mail, because I - from Germany - blocked TR as bad country? :/
You _need_ to configure your spam filter for your own purpose. Every country has its own kind of spam. In Germany it is Krankenkassenkram or E-Roller for example. It can even depend on the company, what kind of spam they receive.
So a "this country is bad" or "this country is good" solution is not a good idea.
Combinations are better, but you cannot make them depend on a country for everybody using mailcow.
We can label this issue as a pool of ideas for good combinations though. I started adding "bad" tlds and bad words yesterday. In combination they fire to a very high score. :)
In fact, I use 4 lists, plus the default no-score. And it just gives/removes a small bonus. Most important for me is that 'unsolicited' email from my own country often is a ham to me.
Adding a small malus to TR is fine IMHO, if you are really receiving lots of spam from there. I'd call that a 'suspicious' country. Just to add a little weight to the spamminess of those messages.
> So a "this country is bad" or "this country is good" solution is not a good idea.
I probably did not express that well. Those are not white/black lists. But just add/remove weight. When in doubt I prefer to accept mail from my own country and refuse all Nigerian princes here.
> You cannot make them depend on a country for everybody using mailcow.
My idea is to have EMPTY lists that admins can populate as they wish. For you DE is the home country, for me a nice nearby country. For me, AP and Africa are mostly suspicious, for someone living in VN that could be his home country.
In your samples bad_asn you suggested #31034 but for anyone living here that's a wrong choice since Aruba is the largest hoster in Italy and you'd better whitelist them (or at least give a good score) if you don't want to surely lose important mail.
BTW, having a home-country map (and a nearby country map) partially solves that issue. I also use the ASN map to add even more hamminess to all mail from our community and institutions.
So I agree it's all a game of balancing. But being able to .map top-countries/neighbors/suspicious/bad with different scores to add/remove is an important part of the game.
> I started adding "bad" TLDs and bad words yesterday.

That's one of the reasons I wrote this post. PLEASE add a # in front of them. I see in the bad TLD list even a few national country code TLDs:
/.+\.cz$/i
/.+\.rs$/i
/.+\.ru$/i
/.+\.se$/i
/.+\.si$/i
/.+\.tr$/i
That's your spam, could be someone else's ham.
It looks better to me to use country maps and setting own geography. With no defaults. I live near the Slovenian border, I spent part of my summer holidays there, let me give those country codes a bonus, not a malus. Or I risk not getting my favorite hotel's last-minute offer. For my server and large part of my customers mail coming from .si is likely ham, not spam. On a server with customers located in the Asia-Pacific area different scores would have been better.
So my point is not to mix countries and TLDs, and not populate the country list, apart from examples.
/.+\.cz$/i
/.+\.rs$/i
/.+\.ru$/i
/.+\.se$/i
/.+\.si$/i
I see that .cc and .tr were removed yesterday, now can we please remove the European (sic!) countries from the list finally? Czechia, Russia, Serbia, Slovenia, Sweden just must not be on that list.
They are only rated as bad when they also match the bad word list.
> They are only rated as bad when they also match the bad word list.
Ah, fair enough. I still don't see the reason why these in particular show up on this list though.
I like @marrco's idea of separating country-specific and country-agnostic TLDs, maybe coming up with a concept of geographically favoured/neutral/suspected country segments.
We need to further split the rules and improve the compositions. :)
It's just a start. :)
I removed these TLDs though.
Looks like not all have been removed:
.rs (Serbia)
.si (Slovenia)
are still present. Not a big issue, I will modify those files and I already have those in my nearby-countries.map, but I see no reason to keep generic and country-specific codes mixed. Especially when spam and ham are often also relative to the distance from the sender.
I could say the same for .ar (Argentina) .cl (Chile) or .id (Indonesia) TLDs that are included in the list, but since I live in good ol' Europe that's fine to me.
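An added example, not part of the original thread and not mailcow code: a small check that finds country-code entries mixed into a bad-TLD regex map of the form quoted above and disables them with a leading `#`, as requested earlier in the thread. The function name `disable_cctlds` and the sample map are hypothetical; only the `.rs`, `.si` and `.tr` entries come from the thread.

```python
import re

# One map entry as quoted in the thread, e.g. /.+\.si$/i ; a leading '#' disables it.
ENTRY = re.compile(r"^\s*(#?)\s*/\.\+\\\.([a-z0-9-]+)\$/i\s*$", re.IGNORECASE)

def disable_cctlds(map_text):
    """Comment out country-code TLD entries in a bad-TLD regex map.

    Every two-letter ASCII TLD is a country-code TLD, so the label length
    separates country-specific entries from generic ones.
    Returns (new_map_text, disabled, kept_generic, unparsed).
    """
    out, disabled, generic, unparsed = [], [], [], []
    for line in map_text.splitlines():
        m = ENTRY.match(line)
        if m is None:
            # Blank lines and free-form comments pass through; anything
            # else is reported so a typo does not go unnoticed.
            if line.strip() and not line.lstrip().startswith("#"):
                unparsed.append(line.strip())
            out.append(line)
            continue
        tld = m.group(2).lower()
        if m.group(1):           # already disabled by the admin
            out.append(line)
        elif len(tld) == 2:      # ccTLD: disable, leave weighting to country maps
            disabled.append(tld)
            out.append("#" + line.strip())
        else:                    # generic TLD: keep as is
            generic.append(tld)
            out.append(line)
    return "\n".join(out) + "\n", disabled, generic, unparsed

# Constructed sample: the generic TLDs and the malformed last line are made up.
SAMPLE = r"""# bad TLDs (constructed sample)
/.+\.rs$/i
/.+\.si$/i
/.+\.example$/i
#/.+\.tr$/i
/.+\.test$/i
/.+\.cl/i
"""

if __name__ == "__main__":
    new_text, disabled, generic, unparsed = disable_cctlds(SAMPLE)
    print(new_text, disabled, generic, unparsed)
```

Internationalized ccTLDs (`xn--…`) are longer than two characters and are treated as generic by this length check, so review the kept list by hand.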
Country codes should be removed, or allow us to have a simple multi-select form in the admin to block/spam from specific TLDs.
Just... change the files.
I do ;P
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.